68 Commits

Author SHA1 Message Date
Sam Yaple
1ab8bc184c Fixes group name for keepalived.conf
Also included is removing the executable bit on haproxy.cfg.j2 as it
should not have those permissions in the repo. It has no affect on the
templating process.

Change-Id: I9c76e528896bdf1799b8eeb62ae77bc4ad0b4449
Closes-Bug: #1482832
2015-08-08 05:28:07 +00:00
Jenkins
4811fd7251 Merge "Add check_script for haproxy in keepalived" 2015-08-07 18:38:43 +00:00
Ryan Hallisey
cd3536ec31 Glance api and Glance registry shouldn't share tags
In the ansible tool, both the Glance api and registry share
the same release tag and they shouldn't.

Change-Id: I5f5f288d192586b84963d59d94567371d28b76a0
Closes-bug: #1482374
2015-08-06 16:24:30 -04:00
Sam Yaple
98a379b0fd Reduce dependencies on the dest nodes
Currently we require a slew of deps on each destination node, this
includes a gcc compiler and installing things via pip. We can remove
these dependencies by containerizing them and running and Ansible
inside the container itself. The container would then report back
facts about idempotency.

DocImpact
Closes-Bug: #1481495
Implements: blueprint containerize-dependencies
Change-Id: I3dfccbf9fafc06ffc36e78f3006fe5d3367891df
2015-08-06 01:32:05 +00:00
Sam Yaple
8ede380f1d Add check_script for haproxy in keepalived
This patch checks that haproxy is alive and running. It does this by
using socat to talk to the haproxy socket. That socket will only
respond successfully when haproxy is active and functional.

Change-Id: I528588d5742071103c28109a69842a6f935232c2
Closes-Bug: #1478570
2015-08-05 11:10:53 +00:00
Sam Yaple
c2dbbde371 Fixes tags and when conditional for HAProxy
A missing comma after the second tag prevented the when conditional
from being evaluated correctly.

Change-Id: Ic18462212452a22ad556bed114e0a99440abe1ff
Closes-Bug: #1481130
2015-08-04 01:38:34 +00:00
Sam Yaple
b401a90254 Add linuxbridge as option to ansible
Allows the user to configure neutron_plugin_agent value for Ansible.
Current allowed values are openvswitch and linuxbridge.

Implements: blueprint ansible-neutron-linuxbridge

Change-Id: I0572464a5459d2f9da09b6da22db16e240511f99
2015-08-02 11:48:21 +00:00
Jenkins
38418befc0 Merge "Fixes race condition in ansible playbooks" 2015-08-01 19:32:48 +00:00
Jenkins
a44b0a4b9f Merge "Use sleep during database bootstrap" 2015-08-01 19:32:18 +00:00
Sam Yaple
0fb09203d5 Removes unneeded variables
These variables are defined in the defaults.yml file

Change-Id: I45de4fbd41c50e2a8fe3233cdffc467c9a594aa5
Closes-Bug: #1480498
2015-08-01 00:40:28 +00:00
Sam Yaple
8e03952c10 Fixes race condition in ansible playbooks
Bundling in a run_once error that beaks with multinode and the race

Change-Id: Ia3779d9a291f8d652fc81fe5ebcab88241805c8d
Closes-Bug: #1480468
2015-07-31 22:40:21 +00:00
Sam Yaple
d32ed35d13 Use sleep during database bootstrap
A small sleep is used to allow the database to initialize before
starting the databases on the other hosts.

Change-Id: I1ea9ee8be55f47ae917f9985431e1e919f64c101
Closes-Bug: #1479970
2015-07-31 22:06:55 +00:00
Jenkins
3970c45607 Merge "Update inventory examples for Ansible" 2015-07-31 21:17:43 +00:00
Sam Yaple
2b98ac3981 Update inventory examples for Ansible
Change-Id: I14beadf8ae0b4f117623331dca71eff3d45b51f1
Closes-Bug: #1480439
2015-07-31 19:36:17 +00:00
Harm Weites
a1a78044b5 Remove the explicit chown root
This is not possible when running multihost ansible.
Essentially this should've been part of #1476293.

Change-Id: I53baccf5f89e71ce1313524815f928ea04908a05
Partitially-Implements: blueprint ansible-service
2015-07-31 20:47:53 +02:00
Vladislav Belogrudov
2887c6d2e4 Add missing slash if docker registry is specified
If user specifies registry a full image name is constructed by
concatenation of the registry, namespace and image. Currently
concatenation does not include '/' if registry is non-empty but
it should. If registry is empty '/' is not required.
This fix covers both use cases with help of Ansible filter.

Change-Id: I0588dd0da55d777e6caa7eb47d51b2435d38d5e0
Closes-Bug: #1479013
2015-07-31 18:38:16 +03:00
Jenkins
f8fe9372e0 Merge "Properly use groups throught Ansible" 2015-07-31 09:04:11 +00:00
Jenkins
e9db94135d Merge "Rename role name to service name" 2015-07-31 09:03:50 +00:00
Sam Yaple
0007d3325d Properly use groups throught Ansible
Additionally, make each service optional witha config option allowing
for extreme flexibility should the deployer want to replace a service
with a non-kolla one (the database for example).

Change-Id: I7b644da7cfa7e8e6b6878eb1b1aa97db830504ae
Closes-Bug: #1478509
2015-07-30 19:35:33 +00:00
Sam Yaple
0382909dbb Rename role name to service name
The original purpose for having an abstract like 'database' rather than
the service name of 'mariadb' has been change. Our direction is different
and this patch reflects consistent naming throughout

Change-Id: I704896191cc5243f9dab2a4cca9120e9dc2ceb2c
Closes-Bug: #1478328
2015-07-30 19:35:17 +00:00
Sam Yaple
3bc9adf9b2 Forces metadata to bind to single interface
Also adds haproxy config for metadata.

Change-Id: I65c1ae5f491d66bf4dccaa38a9a2ad4026c1f72e
Closes-Bug: #1478333
2015-07-30 19:10:11 +00:00
Sam Yaple
ab9f652113 Add keepalived to ansible
Adds the needed ansible bits to support keepalived

Closes-Bug: #1479934
Change-Id: Iace29b23a0e923b1f5dc9a4f5bc0f88afce3ae62
Partially-Implements: blueprint ansible-service
2015-07-30 19:08:22 +00:00
Jenkins
15eb390ab3 Merge "Ansible install of HAProxy" 2015-07-30 16:42:12 +00:00
Jenkins
5da87d4ced Merge "Adds glance and nova data volume" 2015-07-28 21:36:23 +00:00
Sam Yaple
e4e0eb439e Remove psuedo-legalize as it is no longer valid
Change-Id: I8eb94b9beec3ebee9f9c80584e05f568b264749f
2015-07-28 18:49:42 +00:00
Michal Jastrzebski (inc0)
2d920745a4 Ansible install of HAProxy
This commit consists HAProxy ansible bits including config generation,
container deployment and hot reloads.

Closes-Bug: #1477915
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: Ie93fa68fdb6b2885889c992ff1267d38b68e0cbc
Partially-implements: blueprint ansible-service
2015-07-28 15:46:42 +00:00
Jenkins
4d6eaa25fc Merge "Tells rabbitmq to listen on single ip" 2015-07-28 15:16:04 +00:00
Jenkins
b3a127dbad Merge "Don't try to chown root:root /tmp/kolla_mariadb_cluster" 2015-07-28 13:19:57 +00:00
Jenkins
615bbc1861 Merge "Removes hashing from merge_configs.py" 2015-07-28 08:00:12 +00:00
Sam Yaple
53c0ada479 Removes hashing from merge_configs.py
There is no benefit to hashing in merge_configs.py In fact, the opposite
is true, hashes can collide. This does a direct compare rather than hash.

Change-Id: I9ab7af13e813e2267984092027daf1658faf5bf3
Closes-Bug: #1478494
2015-07-27 10:06:55 +00:00
Sam Yaple
0c6594c258 Tells rabbitmq to listen on single ip
This binds rabbitmq, epmd, and the management plugin to a single ip. The
syntax is very tricky, but this is all functional.

Change-Id: Iecbb00f6c4fe3044688ae3258da31b9aabbd1501
Closes-Bug: #1478073
2015-07-26 10:16:30 +00:00
Sam Yaple
1167f11813 Adds glance and nova data volume
Change-Id: I179a20e637274659cf6e3b2d8a61ff2728fa084b
Closes-Bug: #1478315
2015-07-26 08:12:52 +00:00
Harm Weites
386ba3070a Don't try to chown root:root /tmp/kolla_mariadb_cluster
This just fails when not running as root.

Change-Id: Ic3fc55d519c6165df917cf333a38907232fe3ed7
Partitially-Implements: blueprint ansible-service
Closes-bug: #1476293
2015-07-26 10:12:40 +02:00
Sam Yaple
005ec9ee70 Update init-runonce
This makes some changes to init-runonce to allow using Ansible as well as
updating it to use the openstack-client where applicable since the
keystone-client is not usable with keystone v3 api at all.

Change-Id: I6b9d6beb04df7724b1967638e98042ab03221cd1
Closes-Bug: #1477725
2015-07-23 21:05:11 +00:00
Jenkins
922093044e Merge "Properly use all configs with neutron" 2015-07-23 18:57:42 +00:00
Sam Yaple
3b30760e2d Fix compute permissions and start params
neutron-server was not properly using ml2_conf.ini

nova did not have ovs utils, and it had incorrect libvirt permissions

Change-Id: I43d2110d0b5fc1940d887dace95787e1ebbe142d
Partitially-Implements: blueprint ansible-service
2015-07-23 18:20:42 +00:00
Sam Yaple
d1f2ec8c8a Properly use all configs with neutron
Change-Id: Ie347964d42e7060c69047b1aeece1cf0ad311ae6
Partially-Implements: blueprint ansible-service
2015-07-23 15:22:01 +00:00
Jenkins
63035f7ce4 Merge "Adds the appropriate tools to addin the ovs bridge" 2015-07-23 13:40:57 +00:00
Jenkins
1c86345529 Merge "Allows neutron-agents l3 agent to communicate with OVS" 2015-07-23 13:28:19 +00:00
Steven Dake
ad57661d51 Copy ml2_conf.ini to correct location
The ml2_conf.ini file which sets OpenVswitch as the mechanism driver
was not being copied to the corect place.  This patch resolves that
problem.

Change-Id: Ia276916a3183564c9b7d8d6aa9595c384ed99cf6
Closes-Bug: #1477399
2015-07-23 13:01:07 +00:00
Steven Dake
4789f9188a Allows neutron-agents l3 agent to communicate with OVS
The neutron-agents l3 agent requires access to the OVS database via
access to /run.  It also needs to have ovs-vsctl binary available in
the container.

Change-Id: I903537b570cd60c9bb1088e9408a5f6ea4988d8f
Closes-Bug: #1477376
2015-07-23 05:53:51 -07:00
Sam Yaple
77f71b9f59 Adds the appropriate tools to addin the ovs bridge
Ansible will exec a script in the OVS container to ensure the bridge and
ports are properly setup. The script is idempotent.

Change-Id: I5adca595a4d2ef4edf26c9635cfa5ceb30ca4a59
Closes-Bug: #1466375
2015-07-23 12:15:31 +00:00
Sam Yaple
f47fb972b6 Ansible Neutron support
Add initial Ansible support for Neutron

Change-Id: Idad011945bff914535d1ac0eb09cc9d3b0882fbe
Partially-Implements: blueprint ansible-service
2015-07-19 12:37:49 +00:00
Steven Dake
9c5e708fe2 Add pid_mode to libvirt
Libvirt requires pid_mode to Host to operate on Fedora Hosts.  Further
we will need this for libvirt upgrade.  I am not entirely sure why
libvirt running with pid=host gets things working, but it definately
has something to do with CentOS's libvirt's integration with systemd.

Nailing down the problem, the interface to the Docker module accepts only
None or "host".  There is no way to generate a None type except with !!null
in yml, but this does not work in the jinja2 parser.  As a result, one
solution is this conditional.  A better long term solution would be for
the Docker module to take some other argument to indicate None that can
be expressed in a string.

Change-Id: I54eb87e8ce8679bbf12f671527280c73e195b2e4
Closes-Bug: #1473270
2015-07-15 13:24:35 -07:00
Jenkins
8bb49e9653 Merge "Ansible Nova w/ libvirt support" 2015-07-15 03:36:01 +00:00
Sam Yaple
37ca7222bb fix possible symlink attack with ansible
The commands used to create a temporary file on the localhost were
vulnerable to a symlink attack. Removing the shell module and ensuring
the ansible copy and file module is used will verify this file exists as a
file with the correct permissions and ownership

Change-Id: I829483edf1435e41726ebfe1bc826e0c2e5265e3
Closes-Bug: 1471376
2015-07-14 02:51:54 +00:00
Jenkins
7c29bdd1af Merge "Add temporary Ansible keystone modules" 2015-07-13 17:16:37 +00:00
Sam Yaple
7da0b2a80c Ansible Nova w/ libvirt support
Initial support for Nova in Ansible

Partially-Implements: blueprint ansible-service

Change-Id: I4b0a74bd3e5daa5664f5e1e622bfb40c3285949e
2015-07-12 12:44:14 +00:00
Sam Yaple
05a6640a0f Add temporary Ansible keystone modules
Due to the licensing issues and the modules not existing in upstream
Ansible yet, I have written a simple module to fill the gaps.

This also uses Keystone v2.0 for all create of users, roles and
endpoints. The implementation of Keystone v3 must be discussed after the
new modules arrive.

Partially-Implements: blueprint ansible-service

Change-Id: I389edd56741360dd26fbbc0a982f365ca27ff446
2015-07-12 03:14:49 +00:00
Sam Yaple
8f194e50a0 Fixes an issue with AIO and galera clusters
AIO nodes had an address in the gcomm list which would prevent AIO
containers from starting appropriately.

Change-Id: I6db8c831ef9f9c0348748eb9539db326dc0df048
Closes-Bug: #1472481
2015-07-11 09:05:29 +00:00